Page images
[graphic][merged small][subsumed][subsumed][subsumed][subsumed][subsumed][subsumed][merged small]



NBS Special Publication 500-21, Volume 1
National Bureau of Standards

[blocks in formation]


The National Bureau of Standards' was established by an act of Congress March 3, 1901. The Bureau's overall goal is to strengthen and advance the Nation's science and technology and facilitate their effective application for public benefit. To this end, the Bureau conducts research and provides: (1) a basis for the Nation's physical measurement system, (2) scientific and technological services for industry and government, (3) a technical basis for equity in trade, and (4) technical services to promote public safety. The Bureau consists of the Institute for Basic Standards, the Institute for Materials Research, the Institute for Applied Technology, the Institute for Computer Sciences and Technology, the Office for Information Programs, and the Office of Experimental Technology Incentive: Program. THE INSTITUTE FOR BASIC STANDARDS provides the central basis within the United States of a complete and consistent system of physical measurement; coordinates that system with measurement systems of other nations; and furnishes essential services leading to accurate and uniform physical measurements throughout the Nation's scientific community, industry, and commerce. The Institute consists of the Office of Measurement Services, and the following center and divisions:

Applied Mathematics Electricity Mechanics Heat — Optical Physics Center for Radiation Research Laboratory Astrophysics — Cryogenics” Electromagnetics – Time and Frequency'.

THE INSTITUTE FOR MATERIALS RESEARCH conducts materials research leading to improved methods of measurement, standards, and data on the properties of well-characterized materials needed by industry, commerce, educational institutions, and Government; provides advisory and research services to other Government agencies, and develops, produces, and distributes standard reference materials. The Institute consists of the Office of Standard Reference Materials, the Office of Air and Water Measurement, and the following divisions:

Analytical Chemistry Polymers Metallurgy Inorganic Materials Reactor Radiation Physical Chemistry.

THE INSTITUTE FOR APPLIED TECHNOLOGY provides technical services developing and promoting the use of available technology; cooperates with public and private organizations in developing technological standards, codes, and test methods; and provides technical advice services, and information to Government agencies and the public. The Institute consists of the following divisions and centers:

Standards Application and Analysis Electronic Technology – Center for Consumer Product Technology: Product Systems Analysis; Product Engineering Center for Buiding Technology: Structures, Materials, and Safety; Building Environment; Technical Evaluation and Application Center for Fire Research: Fire Science; Fire Safety Engineering.

[ocr errors]

THE INSTITUTE FOR COMPUTER SCIENCES AND TECHNOLOGY conducts research and provides technical services designed to aid Government agencies in improving cost effectiveness in the conduct of their programs through the selection, acquisition, and effective utilization of automatic data processing equipment; and serves as the principal focus wthin the executive branch for the development of Federal standards for automatic data processing equipment, techniques, and computer languages. The Institute consist of the following divisions: !

Computer Services Systems and Software Computer Systems Engineering Information Technology. THE OFFICE OF EXPERIMENTAL TECHNOLOGY INCENTIVES PROGRAM seeks to affect public policy and process to facilitate technological change in the private sector by examining and experimenting with Government policies and practices in order to identify and remove Government-related barriers and to correct inherent market imperfections that impede the innovation process. THE OFFICE FOR INFORMATION PROGRAMS promotes optimum dissemination and accessibility of scientific information generated within NBS; promotes the development of the National Standard Reference Data System and a system of information analysis centers dealing with the broader aspects of the National Measurement System; provides appropriate services to ensure that the NBS staff has optimum accessibility to the scientific information of the world. The Office consists of the following organizational units:

[merged small][merged small][ocr errors][merged small][merged small]

1 Headquarters and Laboratories at Gaithersburg, Maryland, unless otherwise noted; mailing address Washington, D.C. 20234. 2 Located at Boulder, Colorado 80302.

Stanford University Libraries

[blocks in formation]

U.S. DEPARTMENT OF COMMERCE, Juanita M. Kreps, Secretary

Dr. Sidney Harman, Under Secretary

Jordan J. Baruch, Assistant Secretary for Science and Technology

NATIONAL BUREAU OF STANDARDS, Ernest Ambler, Acting Director

Issued January 1978

QA 76.9
A 25. C55

Reports on Computer Science and Technology

The National Bureau of Standards has a special responsibility within the Federal Government for computer science and technology activities. The programs of the NBS Institute for Computer Sciences and Technology are designed to provide ADP standards, guidelines, and technical advisory services to improve the effectiveness of computer utilization in the Federal sector, and to perform appropriate research and development efforts as foundation for such activities and programs. This publication series will report these NBS efforts to the Federal computer community as well as to interested specialists in the academic and private sectors. Those wishing to receive notices of publications in this series should complete and return the form at the end of this publication.

National Bureau of Standards Special Publication 500-21, Volume 1
Nat. Bur. Stand. (U.S.), Spec. Publ. 500-21, Vol. 1, 173 pages (Jan. 1978)



Library of Congress Cataloging in Publication Data
Cole, Gerald D.

Design alternatives for computer network security.

(Computer science and technology) (NBS special publication ; 500-21, v. 1)

Supt. of Docs. no.: C13.10:500-21, v. 1.

1. Computers-Access control. 2. Computer networks-Security
measures. I. Branstad, Dennis K. II. United States. National Bureau
of Standards. Institute for Computer Sciences and Technology. III.
Title. IV. Series. V. Series: United States. National Bureau of
Standards. Special publication ; 500-21, v. I.
QC100.U57 no. 500-21, vol. 1 (QA76.9.A25]602’.Is[658.47] 77-608320



For sale by the Superintendent of Documents, U.S. Government Printing Office, Washington, D.C. 20402 (Order by SD Catalog No. C13.10:500–21, Vol. 1), Stock No. 003-003-01881–3 Price $6 per 2 volume set; sold in sets only.

(Add 25 percent additional for other than U.S. mailing).


This publication was originally prepared for the Department of Defense under Contract Number DAAB03-73-C-1488 by the System Development Corporation in 1974. It has been revised for publication by the National Bureau of Standards under contract Number 5-35934. The author of the paper was assisted in its development by members of the System Development Corporation's Systems Security Department including K. Auerback, J. Garwick, H. Grycner, D. Kaufman and the Department Head, C. Weissman. The editor has been assisted by Mrs. Gloria Bolotsky of the Systems and Software Division as well as others within NBS and DOD.

This document was originally prepared under the direction of the Department of Defense. Consequently, some of the nomenclature used is DOD oriented, e.g., classification levels mean Top Secret, Secret, Confidential and Unclassified. Rather than modify this nomenclature throughout the document, the editor requests that the reader adapt the concept of classification levels and protection levels to those accepted in any particular application. Sensitivity level may be substituted throughout the document for classification level if this concept is better defined and accepted.

The terms Security Controller, Network Security Controller, Cryptographic Controller, Key Distribution Center, Network Access Controller and Network Security Center have all been used in the literature to describe the same concept. This concept involves the use of a dedicated computer to control access to a computer network through the control of data encryption keys. An encryption key is a parameter, typically a binary number, that controls the processes of enciphering (encrypting) and deciphering computer data. An authorized user or terminal in a computer network is issued an encryption key to obtain access after the credentials of the user or terminal have been verified. In practice the concept of a security controller incorporates the use of a special process (program) in a computer, a special machine or a number of special machines (mini- or micro-computers) to control the security of the network through the generation and distribution of encryption keys.

A companion publication entitled "THE NETWORK SECURITY CENTER: A SYSTEM LEVEL APPROACH TO COMPUTER NETWORK SECURITY" is the result of the second phase of the NBS computer network security project. The two publications should be read as a series with the understanding that they were developed about two years apart (1974 and 1976). In addition a significant amount of research and development has been done in this area by NBS, SDC and others after these two reports were developed and a great deal of work is still going on. The reader is therefore cautioned that the results contained in these publications are not complete and any recommendations contained in them should not be accepted without further investigation into present developments.

« PreviousContinue »